HITRUST’s Inaugural Trust Report Sets New Industry Standard for Cybersecurity Assurances and Information Risk … – PR Newswire

Revealing Unprecedented Insights and Performance Data, HITRUST Showcases 0.64% Breach Rate Through Its Program, Redefining Excellence in Information Security

FRISCO, Texas, April 15, 2024 /PRNewswire/ — HITRUST, the leader in enterprise risk management, information security, and compliance assurances, has released its inaugural Trust Report. The Report offers, for the first time, public details and measurable results from HITRUST’s framework, assurance methodology, and associated systems as they relate to information risk management. The detailed analyses in the Report showcase the effectiveness of HITRUST’s processes to measurably and materially reduce the risk of cyber breaches and demonstrate their impact on enhancing digital trust worldwide and supporting information risk management.

The Trust Report arrives at a crucial juncture, with organizations grappling to combat increasingly complex cyber threats and balance demanding regulatory requirements. The Report highlights HITRUST’s leadership, innovation and quality in information risk, security, and compliance assurances – establishing a benchmark for information assurances. 

Setting The Standard for Assurance

At its core, the Trust Report illustrates that trust is the definitive element of an assurance program, but relevance and reliability are the key dimensions for building trust.

Relevance ensures the program, and its associated components, are adaptive and regularly updated based on changes in the threat landscape, market, and regulatory requirements. The HITRUST Cyber Threat Adaptive (patent pending) approach enables regular analysis and evaluation of its control specifications against threat intelligence and breach data to provide relevance.

Reliability ensures the program is executed in a transparent, consistent, and accurate manner, with the utmost integrity, efficiency, and scalability. HITRUST delivers the highest levels of reliability through its extensive third-party validation, centralized review, scoring, and assurance methodology.

The report demonstrates that both relevance and reliability are needed for an assurance report to be trustworthy and effective in managing information risk and validates HITRUST’s unwavering commitment to these principles with supporting references and data.

Proven Effectiveness

A key statistic from the Report is that only 0.64% of HITRUST-certified environments reported breaches in the last two years (2022 and 2023).

“We have spent 17 years building a reliable and relevant model and ecosystem that delivers powerful results through measurement and accountability to fuel continuous improvement and risk reduction,” stated Daniel Nutkis, Founder and CEO, HITRUST. “This statistic confirms the effectiveness of the HITRUST assurance program in mitigating information risk to an acceptable level.”

Other key data include:

  • 97% of all threat indicators in MITRE ATT&CK are covered by the HITRUST Common Security Framework (CSF). The remaining 3% do not have identified mitigations in the MITRE ATT&CK framework.
  • HITRUST r2 certified organizations are committed to security accountability: 92% of controls that did not fully meet the HITRUST CSF framework requirements were remediated within one year of achieving certification.

Rising Demand

HITRUST also reports that they experienced a surge in certification demand in 2023. The trend continues into 2024, with organizations communicating that they, and their customers, need solutions beyond questionnaires, self-assessments, or models that lack proven controls or rigorous third-party validation. Our expanded portfolio makes HITRUST applicable in nearly every situation.

“They are finding that HITRUST solutions offer a very efficient and cost-effective means of improving security capabilities to manage risk while meeting multiple compliance requirements at the same time,” said Blake Sutherland, EVP of Market Engagement, HITRUST.

Download Available Now

As organizations navigate the complexities of information risk management, security and compliance, HITRUST offers a dependable framework and methodology for achieving and demonstrating cyber resilience and building trust. “We encourage all stakeholders, policy makers and regulators to explore our findings and understand why HITRUST remains the standard in cybersecurity and compliance assurance,” Nutkis added.

The report is publicly available, reflecting HITRUST’s commitment to transparency and excellence in cybersecurity assurance. For more information and to download the report, visit HITRUSTalliance.net.


HITRUST, the leader in enterprise risk management, information security, and compliance assurances, offers a certification system for the application and validation of security, privacy, and AI controls, informed by over 50 standards and frameworks. The company’s threat-adaptive approach delivers the most relevant and reliable solution, including multiple selectable and traversable control sets, over 100 independent assessment firms, centralized quality reviews and certification, and a powerful SaaS platform enabling its program and ecosystem. For over 17 years, HITRUST has led the assurance industry and today is widely recognized as the most trusted solution to establish, maintain, and demonstrate security capabilities for risk management and compliance.

For media inquiries, please contact:

Leslie Kesselring
Kesselring Communications for HITRUST
[email protected]

